Letsencrypt on Ubuntu ( version 20.10 ) for ERPNext

Letsencrypt on Ubuntu ( version 20.10 ) for ERPNext Let's Encrypt - Free SSL/TLS Certificates

 · 1 min read

Let's do Letsencrypt for ERPNext now


This article is a continuation of Installing ERPNext version 13 on Ubuntu 20.10 ( 20+ or 21+ 



service nginx stop

rm /etc/nginx/sites-available/default

rm /etc/nginx/sites-enabled/default

  1. sudo apt install certbot -y
  2. sudo apt install certbot python3-certbot-nginx
  3. sudo certbot certonly -a nginx -d example.com -d www.example.com


You will get message like this

Congratulations! Your certificate and chain have been saved at:

 /etc/letsencrypt/live/example.com/fullchain.pem


Now you have certificate here in this folder /etc/letsencrypt/live/


Edit nginx configuration file. In our case /etc/nginx/conf.d/frappe-bench.conf ( as per our previous post here https://erpgulf.com/blog/support-forum/installing-erpnext-version-13-beta-on-ubuntu-2010-20 )


Goto the server section, change port 80 to 443 ( or whatever port you want )

Below added/edited lines are in BLUE letters


server {

    listen 4433 ssl;



    server_name

        www.example.com

        ;


    root /opt/bench/frappe-bench/sites;



    ssl_certificate   /etc/letsencrypt/live/www.example.com/fullchain.pem;

    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;

    ssl_session_timeout 5m;

    ssl_session_cache shared:SSL:10m;

    ssl_session_tickets off;

    ssl_stapling on;

    ssl_stapling_verify on;

    ssl_protocols TLSv1.2 TLSv1.3;

    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;

    ssl_ecdh_curve secp384r1;

    ssl_prefer_server_ciphers on;



    add_header X-Frame-Options "SAMEORIGIN";

    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

    add_header X-Content-Type-Options nosniff;

    add_header X-XSS-Protection "1; mode=block";


Restart nginx

service nginx restart


Now you have an https site.

You can see here the full file for nginx/frappe https://github.com/ERPGulf/docs/blob/main/frappe-bench.conf

Also you need forwarders to forward from http to https and/or cut www part. It is here. put it on conf.d folder https://github.com/ERPGulf/docs/blob/main/redirect.conf


Next part is making sure letsencrypt get renewed every three months.


add this to crontab -e 15 3 * * * /usr/bin/certbot -a nginx renew --quiet



You can use this command to make sure

  1. sudo systemctl status certbot.timer

It should report " Started Run certbot twice daily "


Try a dry-run for renewal. You should get a "Congratulations" message.

  1. sudo certbot -a nginx renew --dry-run 

 

Happy hosting.


Let us know your feedback


Add another site on the same ERPNext server https://erpgulf.com/blog/linux-and-cloud/adding-antoher-site-on-ubuntu-20-21-erpnext-13


Team ERPGulf

The team behind ERPGulf blogs here, expresses their thoughts, shares the experience, often show the frustrations. Contact us on support@ERPGulf.com

No comments yet

No comments yet. Start a new discussion.

Add Comment